fix(deps): update dependency posthog-js to ^1.376.6#1133
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
566f7f3 to
46056de
Compare
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
46056de to
c64bb12
Compare
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
c64bb12 to
e3b0072
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
e3b0072 to
ddadaeb
Compare
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
ddadaeb to
47c80d7
Compare
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
47c80d7 to
c036c93
Compare
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
c036c93 to
0e3d928
Compare
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
0e3d928 to
a27bf3d
Compare
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
a27bf3d to
036927d
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
036927d to
a5d601e
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
5133121 to
ba63e1d
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
ba63e1d to
937bb00
Compare
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
937bb00 to
0aec1b4
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
0aec1b4 to
18752dd
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
18752dd to
0311bb1
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
0311bb1 to
dd8c28f
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
dd8c28f to
ff7c106
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
ff7c106 to
2b77373
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/posthog-js-1.x
branch
from
2b77373 to
7dc415c
Compare
renovate
Bot
changed the title
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^1.218.2→^1.376.6Release Notes
PostHog/posthog-js (posthog-js)
v1.376.6Compare Source
1.376.6
Patch Changes
663e250Thanks @pauldambra! - fix(persistence): skip the storage write when the serialized props are unchanged. Callers spamsave()after every property change, and many of those changes leave the serialized payload identical (e.g. resetting a value to its current value). Writing identical bytes to localStorage still fires a cross-tabstorageevent in every same-origin tab, where Chrome allocates the payload buffer in mojo IPC even though no listener reacts. Nowsave()compares the serialized payload against the last successful write and bails out when nothing changed.(2026-05-31)
v1.376.5Compare Source
1.376.5
Patch Changes
66cbc59Thanks @pauldambra! - fix(persistence): throttle session-activity timestamp writes to a 5s granularity. The in-memory value still moves at full resolution; only writes to localStorage/cookie are coalesced. Activity-timestamp-only updates within the granularity window are skipped, dropping localStorage write pressure and cross-tabstorageevent broadcasts on pages that capture many events per second. The pending in-memory value is flushed ondestroyandbeforeunloadso a tab close inside the window does not leave the persisted value up to 5s stale for sibling tabs. The flush re-reads storage first and bails out if a sibling tab has rotated the session, so the flush cannot clobber the new session with the old id/start.(2026-05-31)
d9ad199]:v1.376.4Compare Source
1.376.4
Patch Changes
#3685
f59f35aThanks @ioannisj! - fix(cookieless): enable request queue when opting out inon_rejectmode. When usingcookieless_mode: "on_reject", callingopt_out_capturing()correctly switched the SDK into cookieless capturing but never enabled theRequestQueue— so batched events were enqueued but never flushed over the network. At init time the queue was not started because consent wasPENDINGandis_capturing()returnedfalse;opt_out_capturing()is the first moment capturing becomes active but was missing the_start_queue_if_opted_in()call thatopt_in_capturing()already had.(2026-05-28)
#3692
f01cd93Thanks @ksvat! - fix(replay): take a fresh full snapshot after session ID rotates viaforcedIdleReset. Previously, when the session manager's idle enforcement timer rotated the session id, the recorder tore down rrweb and set_isIdle = 'unknown'before the new session id was observed. Neither restart path then fired (the_onSessionIdCallbackguard only restarted when_isIdle === true, and_updateWindowAndSessionIdscould not run with rrweb stopped), so the new session received only incremental mutations until a later snapshot — leaving the player stuck on "Buffering". The restart guard now also fires when rrweb isn't running.(2026-05-28)
#3691
cc71f3fThanks @ksvat! - fix(replay): shipph-no-captureabsolute-position fix from #3678 toposthog-js. The original changeset only bumped@posthog/rrweband@posthog/rrweb-snapshot; becauseposthog-jsdepends on@posthog/rrwebviaworkspace:*, the cascade did not bumpposthog-js, so the rebuilt bundle containing the fix was not published. This changeset re-publishesposthog-jswith the fix.(2026-05-28)
#3695
e1ff722Thanks @ksvat! - chore(replay): expose$sdk_debug_rrweb_attachedand$sdk_debug_rrweb_start_attempteddebug properties on captured events. Today the SDK already stamps several$sdk_debug_*properties (start reason, linked-flag trigger status, recording status) that report the SDK's intent to record — they all flip to "active" as soon as the state machine evaluates the configured triggers. None of them observe whether rrweb actually attached and is producing events. The new booleans close that gap:$sdk_debug_rrweb_start_attemptedis set when_startRecorder()is first entered, and$sdk_debug_rrweb_attachedreflects whether_stopRrwebis currently a non-falsy stop handle (i.e.rrwebRecord({...})returned successfully and the recorder has not been torn down). No behavior change — this only adds two booleans to the existingsdkDebugPropertieschannel, used to diagnose cases where a session reportstrigger_activated/recording_status: activebut no$snapshotdata is ever uploaded.(2026-05-28)
Updated dependencies [
7b84b75]:v1.376.3Compare Source
1.376.3
Patch Changes
9cac1f6Thanks @marandaneto! - Improve console log serialization performance for large objects.(2026-05-27)
v1.376.2Compare Source
1.376.2
Patch Changes
cafa9ccThanks @pauldambra! - fix(replay): stop polling preload-as-style<link>elements forever. Session recorder treated<link rel="preload" as="style" href="*.css">as if it were a stylesheet and waited forlink.sheetto populate. Per spec preload links never instantiate aCSSStyleSheet, so the wait timed out, re-serialized the link, scheduled another wait, and leaked aloadlistener on every cycle — multiplying further on every realloadevent. Pages with Next.js-style CSS preloads accumulated thousands of active polling chains, saturating the main thread and freezing the tab on refocus(2026-05-26)
v1.376.1Compare Source
1.376.1
Patch Changes
5568f12]:v1.376.0Compare Source
1.376.0
Minor Changes
6e8d349Thanks @arnaudhillen! - Expose the in-repo@posthog/rrweb,@posthog/rrweb-types, and@posthog/rrweb-plugin-console-recordpackages as subpath entry points onposthog-js. Consumers can nowimport { Replayer } from 'posthog-js/rrweb',import type { eventWithTime } from 'posthog-js/rrweb-types', andimport { LogLevel } from 'posthog-js/rrweb-plugin-console-record'instead of installing the underlying rrweb packages directly. The rrweb worker sourcemap (image-bitmap-data-url-worker-*.js.map) is also shipped fromposthog-js/dist/so downstream bundlers no longer need to reach intonode_modules/@​posthog/rrweb.(2026-05-22)
Patch Changes
c806ccaThanks @marandaneto! - Use native async gzip compression for session recording events when CompressionStream is available.(2026-05-22)
c806cca]:v1.375.0Compare Source
1.375.0
Minor Changes
2e1d5f4Thanks @dustinbyrne! - Addflag_keysconfig to restrict browser feature flag remote evaluation to specific flag keys.(2026-05-21)
Patch Changes
2e1d5f4]:v1.374.4Compare Source
1.374.4
Patch Changes
#3638
87e2145Thanks @marandaneto! - Apply tracing headers to matching XMLHttpRequest requests(2026-05-21)
#3646
4f87827Thanks @marandaneto! - Avoid throwing or initializing PostHogProvider when no API key or client is provided(2026-05-21)
#3645
280832bThanks @TueHaulund! - Capture<link rel="stylesheet">URLs fromlink.sheet.hrefand trylink.sheetdirectly for inlining, so recordings survive SPAhistory.pushStatenavigations between routes of different path depths (wherelink.hrefre-resolves against a new baseURI butlink.sheet.hrefpreserves the URL the browser actually fetched).Ships the fix landed in #3635, which only bumped the internal
@posthog/rrweb-snapshotpackage — that package is bundled intoposthog-jsat build time but is not published to npm on its own, so aposthog-jsbump is needed to actually deliver the change. (2026-05-21)Updated dependencies []:
v1.374.3Compare Source
1.374.3
Patch Changes
557b893Thanks @eli-r-ph! - Enable $web_vitals reporting when cookieless mode is enabled(2026-05-20)
557b893,a880dbc]:v1.374.2Compare Source
1.374.2
Patch Changes
#3550
df91995Thanks @TueHaulund! - Preserve session-recording remote config acrossposthog.reset().posthog.reset()was clearing the entire persistence store, which wiped$session_recording_remote_configalong with user state. On the next sessionrotation triggered by the reset,
start('session_id_changed')would early-returnbecause the remote config was missing — leaving rrweb torn down and the new
session opening with no Meta + FullSnapshot until the next periodic 5-minute
checkout.
This affected any flow where an app calls
posthog.reset()mid-session(e.g. on sign-out / sign-in) and was particularly visible on Flutter Web
recordings that depend on a fresh FullSnapshot to anchor the CanvasKit DOM. (2026-05-18)
Updated dependencies []:
v1.374.1Compare Source
1.374.1
Patch Changes
07a0f5fThanks @marandaneto! - Respect transport overrides passed to posthog.capture.(2026-05-18)
v1.374.0Compare Source
1.374.0
Minor Changes
594ea11Thanks @pauldambra! - Dead clicks: add a.ph-no-deadclickCSS class (andcapture_dead_clicks.css_selector_ignorelistconfig option) to exclude specific elements from dead-click detection without affecting autocapture, session replay, or heatmaps. Mirrors the existing.ph-no-rageclickpattern.(2026-05-18)
Patch Changes
3c0a09fThanks @pauldambra! - Dead clicks: a click on an<a>(or any element inside an<a>, including across shadow DOM) is no longer flagged as a dead click — the browser navigates / downloads / opens a new window and we can't observe that. Reuses autocapture's existing DOM walker for the ancestor walk. Direct clicks on<button>,<input>,<select>,<textarea>,<label>, and<form>(previously all skipped) are now eligible for dead-click detection: if their JS handler ran, the existing mutation / scroll / selection observers see the effect; if it didn't, dead-click correctly surfaces the bug. A broken<button>with no handler, or an<svg>icon inside one, will now flag — which is exactly the dead-click case we want to catch.(2026-05-18)
594ea11]:v1.373.5Compare Source
1.373.5
Patch Changes
221973eThanks @lucasheriques! - Surveys: submit open text questions with Cmd/Ctrl+Enter. The textarea still inserts a newline on plain Enter (native behaviour), matching the convention used by Slack, GitHub, Discord, and ChatGPT for multi-line inputs. Single-line "Other:" inputs continue to submit on plain Enter as before.(2026-05-15)
v1.373.4Compare Source
1.373.4
Patch Changes
4b895bfThanks @marandaneto! - Validate gzip request bodies at the browser send boundary and fall back to JSON if the outgoing body is not gzip data.(2026-05-12)
4b895bf]:v1.373.3Compare Source
1.373.3
Patch Changes
ad60818]:v1.373.2Compare Source
1.373.2
Patch Changes
223d925Thanks @marandaneto! - Validate native gzip output before sending requests and fall back when CompressionStream returns malformed data.(2026-05-11)
223d925]:v1.373.1Compare Source
1.373.1
Patch Changes
7d027bcThanks @dustinbyrne! - Prevent browser log capture from throwing when console arguments contain unreadable properties.(2026-05-11)
v1.373.0Compare Source
1.373.0
Minor Changes
4c0c7d9Thanks @williamchong! -capture()now accepts an optionaluuidonCaptureOptions.(2026-05-11)
Patch Changes
#3561
3511848Thanks @marandaneto! - Handle invalid persisted session replay config JSON gracefully(2026-05-11)
#3559
0a835faThanks @marandaneto! - Skip remote config background refreshes when no document is available.(2026-05-11)
Updated dependencies [
4c0c7d9,0a835fa]:v1.372.10Compare Source
1.372.10
Patch Changes
#3544
d120042Thanks @ksvat! - fix: stop session recording before destroying sessionManager inopt_out_capturing()withcookieless_mode: "on_reject". Previously, queued/throttled rrweb events (e.g. mousemove) could fire after the sessionManager was set toundefinedand throw[SessionRecording] must be started with a valid sessionManager. Also adds a defensive early-return inonRRwebEmitso any remaining late events bail out instead of throwing.(2026-05-07)
#3542
94a5ba0Thanks @TueHaulund! - Preserve<style>textContent when the browser's CSSOM serialization wouldemit empty longhands from
var()inside a shorthand. When a stylesheet hase.g.
padding: var(--p); padding-bottom: var(--pb);, browsers store theshorthand's longhands with empty token lists per the CSS Custom Properties
spec, and
CSSStyleRule.cssTextre-emits them aspadding-top: ; padding-right: ; padding-left: ;. The previous behavior replaced the<style>text with that corrupted output, silently dropping layout ruleson replay. We now detect the empty-longhand pattern and keep the original
textContent in that case. Affects users of any CSS-in-JS framework that
combines
var()with shorthands (Chakra UI v3, Panda CSS, Emotion, etc.).Same class of bug as rrweb-io/rrweb#1667. (2026-05-07)
Updated dependencies []:
v1.372.9Compare Source
1.372.9
Patch Changes
026e09dThanks @TueHaulund! - Pull in the canvas-manager fix from@posthog/rrweb0.0.61: skip canvassnapshots while the WebGL context is lost so transparent bitmaps don't
poison the worker's fingerprint dedup map and silently kill canvas
recording for the rest of the session. Also wraps
getCanvas()intry/catch so DOM/shadow-root traversal errors can't cancel the rAF
loop. See PR #3527 for context. (2026-05-05)
v1.372.8Compare Source
1.372.8
Patch Changes
255b273Thanks @marandaneto! - Gate survey translation logs behind SDK debug logging to avoid production console spam.(2026-05-04)
220cd61,255b273]:v1.372.7Compare Source
1.372.7
Patch Changes
8aee3d5]:v1.372.6Compare Source
1.372.6
Patch Changes
cf56753Thanks @lucasheriques! - Add translated survey rendering support in React Native and share survey translation logic through@posthog/core.(2026-05-01)
cf56753,04db756]:v1.372.5Compare Source
1.372.5
Patch Changes
c726aaeThanks @posthog! - fix(exceptions): avoid cross-origin property access when calling the previouswindow.onunhandledrejectionhandler(2026-04-29)
v1.372.4Compare Source
1.372.4
Patch Changes
5a6b2a5Thanks @posthog! - Fix copy autocapture when copying or cutting text from Shadow DOM or document fragment contexts.(2026-04-29)
v1.372.3Compare Source
1.372.3
Patch Changes
5b8efc3Thanks @lucasheriques! - Add browser survey translation rendering and language tracking.(2026-04-27)
v1.372.2Compare Source
1.372.2
Patch Changes
cba2570Thanks @veryayskiy! - Fix autofocus(2026-04-27)
v1.372.1Compare Source
1.372.1
Patch Changes
70508dfThanks @dustinbyrne! - Avoid usingBlob.stream()for native async gzip compression to prevent SafariNotReadableErrorstream failures.(2026-04-24)
70508df]:v1.372.0Compare Source
1.372.0
Minor Changes
eaa1322Thanks @veryayskiy! - You cannot write to a resolve ticket. Start a new one.(2026-04-24)
Patch Changes
v1.371.4Compare Source
1.371.4
Patch Changes
3c4fc1eThanks @fasyy612! - bump rrweb to 0.0.60(2026-04-24)
v1.371.3Compare Source
1.371.3
Patch Changes
61cf83eThanks @dustinbyrne! - Fix session recording in the full no-external browser bundles(2026-04-24)
daf028d]:v1.371.2Compare Source
1.371.2
Patch Changes
96f19b7Thanks @turnipdabeets! - Lift OTLP log serialization helpers from posthog-js into @posthog/core so theupcoming React Native logs feature consumes the same builders. Browser gains
two fixes as a side effect: NaN and ±Infinity attribute values no longer get
silently dropped during JSON encoding, and the scope.version OTLP field is
now populated with the SDK version (changes the server's instrumentation_scope
column from "posthog-js@" to "posthog-js@"). (2026-04-23)
96f19b7]:v1.371.1Compare Source
1.371.1
Patch Changes
2da17e8Thanks @marandaneto! - Classify SDK-owned persistence keys with an explicit event exposure policy so new internal persistence state must be intentionally marked as event-visible, hidden, or derived.(2026-04-23)
v1.371.0Compare Source
1.371.0
Patch Changes
#3432
1a8b727Thanks @richardsolomou! - refactor: rename__add_tracing_headerstoaddTracingHeaders. The__prefix signalled an internal/experimental option, but the config is a public API (documented for linking LLM traces to session replays).__add_tracing_headerscontinues to work as a deprecated alias on the browser SDK.Also exposes
patchFetchForTracingHeadersfrom@posthog/coreso non-browser SDKs can reuse the implementation. (2026-04-23)Updated dependencies [
1a8b727]:v1.370.1Compare Source
1.370.1
Patch Changes
6f19ce8Thanks @marandaneto! - fix(surveys): guard survey seen localStorage access(2026-04-22)
v1.370.0Compare Source
1.370.0
Minor Changes
922a1c1Thanks @hpouillot! - Add exception steps to error tracking (aka breadcrumbs)(2026-04-22)
Patch Changes
922a1c1]:v1.369.5Compare Source
1.369.5
Patch Changes
1a0b58d]:v1.369.4Compare Source
1.369.4
Patch Changes
d61bce1Thanks @sampennington! - fix(cookieless): start in cookieless mode when opt_out_capturing_by_default is set(2026-04-21)
v1.369.3Compare Source
1.369.3
Patch Changes
#3419
ea08727Thanks @haacked! - Reinstate$feature_flag_payloadsand$surveys_activatedin captured event properties.(2026-04-18)
#3416
3d8b2e2Thanks @feliperalmeida! - Updated dependencies: - protobufjs@7.5.5(2026-04-18)
Updated dependencies []:
v1.369.2Compare Source
1.369.2
Patch Changes
4a65604Thanks @dustinbyrne! - Add a preview flag for versioned browser lazy bundle asset paths.(2026-04-16)
4a65604]:v1.369.1Compare Source
1.369.1
Patch Changes
#3393
85ae4d9Thanks @haacked! - Exclude active feature flag payloads from event properties(2026-04-16)
#3392
00cd1ceThanks @haacked! - Fix unnecessary persisted config and activation properties (including product tours, surveys, and session recording config) added to captured events(2026-04-16)
Updated dependencies []:
v1.369.0Compare Source
1.369.0
Minor Changes
#3342
eea5260Thanks @ksvat! - Account for property filters on events in recording triggers for v2 triggers(2026-04-14)
#3281
b1fd228Thanks @ksvat! - Add session replay trigger groups handling (V2)(2026-04-14)
Patch Changes
v1.368.2Compare Source
1.368.2
Patch Changes
f1bea33Thanks @marandaneto! - Disable native gzip compression after a NotReadableError in the browser SDK(2026-04-14)
v1.368.1Compare Source
1.368.1
Patch Changes
d7c71b1Thanks @dmarticus! - Fix bootstrapped feature flags being overwritten by partial /flags response whenadvanced_only_evaluate_survey_feature_flagsis enabled(2026-04-14)
v1.368.0Compare Source
1.368.0
Minor Changes
3fcf5c4Thanks @jonmcwest! - Add posthog.captureLog() API for sending structured log entries to PostHog logs(2026-04-13)
Patch Changes
f5fe0a8Thanks @ksvat! - bump rrweb version(2026-04-13)
3fcf5c4]:v1.367.0Compare Source
1.367.0
Minor Changes
353be9aThanks @dustinbyrne! - feat: Add support for pre-loaded remote-config(2026-04-09)
Patch Changes
v1.366.2Compare Source
1.366.2
Patch Changes
575e354Thanks @lucasheriques! - Add a hover state to numeric survey rating options so they provide clearer pointer feedback before selection.(2026-04-09)
v1.366.1Compare Source
1.366.1
Patch Changes
802bf39Thanks @jabahamondes! - Re-evaluate consent persistent store when config changes to support cross-subdomain consent sharing(2026-04-09)
v1.366.0Compare Source
1.366.0
Minor Changes
b599672Thanks @veryayskiy! - Add customer side identification(2026-04-09)
Patch Changes
v1.365.5Compare Source
1.365.5
Patch Changes
c735b08]:v1.365.4Compare Source
1.365.4
Patch Changes
3939856Thanks @lucasheriques! - Expose the current question index on.survey-boxvia adata-question-indexattribute. This gives consumers rendering surveys via the API a reliable way to know which question is currently displayed without parsing input ids or class names — works for every question type, including link questions which render no input or rating element.(2026-04-08)
v1.365.3Compare Source
1.365.3
Patch Changes
dbdddcaThanks @pauldambra! - Bump @posthog/rrweb packages to 0.0.56, which includes:Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.